Red Hat Bugzilla – Bug 625399
remmina exposes passwords to "ps"
Last modified: 2010-10-30 20:46:34 EDT
Description of problem: says it all really. remmina uses the "-pPASSWORD" option in rdesktop instead of using "-p -" and passing the password on stdout - as tsclient does Version-Release number of selected component (if applicable): remmina-0.7.5-1.fc12.i686 How reproducible: connect to a RDP client and then run "ps aux|grep rdesktop" in a terminal Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Thanks for your bug report. I have forwarded it to the upstream bug tracker at https://sourceforge.net/tracker/?func=detail&aid=3062032&group_id=278330&atid=1181674 Nevertheless I'll leave this one open until the problem is resolved.
Upstream has decided to not fix the issue as they have switched to freerdp now. I will try to bring the new version to Fedora soon.
Are you sure it's still a problem? I'm now running F13, and "ps" shows rdesktop -u user-name -d dom -p XXXXXXXXXXXXXX -a 24 ...instead of the password. Maybe something changed in rdesktop to hide the password string? This is with rdesktop-1.6.0-7.fc12.i686 remmina-0.7.5-1.fc13.i686
Confirmed, same behavior on Fedora 14, versions of the packages are the same. I know for sure that remmina has not changed and according to the changelog rdesktop has not changed ether. Anyway, the issue is fixed (I never verified it actually existed, I just relied on the bug report).